Thursday, May 07, 2009

firewall-wizards Digest, Vol 37, Issue 8

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Who stay focused? (was: [Fwd: Question])
(hugh.fraser@arcelormittal.com)


----------------------------------------------------------------------

Message: 1
Date: Wed, 6 May 2009 16:29:41 -0400
From: <hugh.fraser@arcelormittal.com>
Subject: Re: [fw-wiz] Who stay focused? (was: [Fwd: Question])
To: <firewall-wizards@listserv.cybertrust.com>
Message-ID:
<EC1C66A282D0D44EAF927CB6058C8BC501732665@dof-mxb-qc01.hamilton.dofasco.ca>

Content-Type: text/plain; charset="iso-8859-1"

Ultimately, though, most of us work in a business environment that's generally governed by business decisions. One of the lessons I learned long ago as a software developer is that the customer only wants good enough, not perfection, even though as a software developer I always knew I could make the product better with a bit more time.

Security's no different. There's a sweet spot somewhere between wide-open and ratcheted down so tight nobody can use it. That sweet spot is always different, and as a security professional, my job is to identify the exposures, the technology and processes to address them, and to work with management to measure the risk. Ultimately, though, I have to sell it, knowing the business climate (a tough sell these days). Sometimes the customer doesn't want to pay for the perfect solution, and I will be held partially accountable for the fallout. But if you've done the front-end work correctly, you will have identified the potential for problems up front. Hopefully, with your credibility still intact, you'll be able to use the opportunity to move closer to the ideal solution.

> On Wed, 15 Apr 2009, Brian Loe wrote:
>
> >
> > Instead use your change management policy to request the changes you
> > want to make or the access a user wants. Then if bad decisions are
> > made by other people they are documented as to who is responsible for
> > the resulting evil!
> >
> > I could care less what my employer wants to do, so long as I have
> > informed them of my opinion and accountability for their stupidity has
> > been assigned to someone else.
>
>
> This assumes two points though, that the BIG guys up there have
> integrity and have taken responsibility for their decisions. I seldom
> find either of those to be the case and have seen cases whence the
> "stupidity" still rests on the techies' shoulders as "they failed to
> properly inform me of the error of my ways".
>
> Thanks,
> Ron DuFresne

I really have to agree with Ron on this. I see this all too often:
Tech: "If you do that, this important functionality will break."
Manager does that. Functionality breaks.
Manager: "It is all your fault."
Tech: "I warned you that would happen."
Manager: "You didn't persuade me to not do it, so it is your fault."
Manager spreads his version of fault around the company.

hermit921



_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


------------------------------


End of firewall-wizards Digest, Vol 37, Issue 8
***********************************************
